[Samba] Re: Winbind & adding users... is `useradd` being called? %u parameter?
Fabian Arrotin
fabian.arrotin at arrfab.net
Mon Dec 12 13:06:38 GMT 2005
Stroller wrote:
> Hi there,
>
> This is probably a dumb question, so my apologies, but I've set up
> WinBind on my Samba box & it seems to be authenticating against the
> domain, however new user accounts do not seem to be added.
They will never be added: you're using winbind to avoid that!
Don't forget that add user script is used when samba is acting as a
domain controller, but that's not the case here.
Winbind is used to simulate local unix users instead of creating them locally.
>
> `wbinfo -u` returns a list of the users on the domain and I seem to have
> set up my IMAP server correctly to authenticate against that (using PAM),
> as I see the following in /var/log/messages when I try to log in to my
> IMAP server:
>
> Dec 12 11:33:37 baby imapd: Connection, ip=[127.0.0.1]
> Dec 12 11:33:37 baby pam_winbind[32640]: user 'ned' granted access
> Dec 12 11:33:37 baby pam_winbind[32640]: user 'ned' granted access
> Dec 12 11:33:37 baby imapd: networkned: chdir(/home/DOMAIN/ned)
> failed!!
> Dec 12 11:33:37 baby imapd: error: No such file or directory
> Dec 12 11:33:37 baby imapd: LOGIN FAILED, user=networkned,
> ip=[127.0.0.1]
> Dec 12 11:33:37 baby imapd: authentication error: No such file or
> directory
>
> Initially in smb.conf I had simply uncommented the line which says:
> add user script = /usr/sbin/useradd -s /bin/false '%u'
> but of course (as pointed out on the IRC channel) `useradd` requires the
> -m flag in order to create a home directory for the user, so I set it
> like this:
> add user script = /usr/sbin/useradd -m -s /bin/false '%u'
> but that gives me the same error.
>
> The log shows that the IMAP server is trying to chdir into the home
> directory "/home/DOMAIN/ned", so I'm unclear on how `useradd` is being
> called - is it being called as `/usr/sbin/useradd -m -s /bin/false
> 'DOMAIN/ned'` or as something else?
See my previous answer...
If you want your Windows users to log on to your Samba server for IMAP,
first create a home directory with correct permissions... (I know
pam_mkhomedir.so exists, but I've never played with it.)
Anyway: why do you want Windows users to log on to your IMAP server? Have
you already configured your sendmail (or postfix) MTA server to work
with Windows users? Your MTA server will have to know where to look for
virtual users and where to drop mails...
Question is: what's the context of the whole thing?
>
> Obviously I would try adding the user manually in order to troubleshoot
> this, but I'd like to establish what '%u' Samba is passing to `useradd`
> first. Consequently I edited the "add user script" as below, but nothing
> is written to /tmp/foo.
> add user script = /root/foo.sh '%u'
>
> # ls -l /root/foo.sh
> -rwxrwxrwx 1 root root 54 Dec 12 11:31 /root/foo.sh
> # ls -l /tmp/foo
> -rw-rw-rw- 1 root root 15 Dec 12 11:31 /tmp/foo
> # cat /tmp/foo
> gjitijt jgitjt
> # cat /root/foo.sh
> #!/bin/bash
> echo "$@" >> /tmp/foo
> exit 0
> # /root/foo.sh howdy doody
> # cat /tmp/foo
> gjitijt jgitjt
> howdy doody
> #
>
> I've added a subdirectory of /home for the DOMAIN, but that makes no
> difference:
>
> # ls -ld /home/
> drwxr-xr-x 4 root root 120 Dec 12 11:17 /home/
> baby ~ # ls -l /home/
> total 0
> drwxr-xr-x 2 root root 48 Dec 12 11:17 DOMAIN
> drwxr-xr-x 3 stroller users 192 Dec 7 12:32 stroller
>
> I'm not an expert at PAM, so maybe that's what I'm doing wrong?
>
> # cat /etc/pam.d/imap
> auth required pam_nologin.so
> auth required pam_winbind.so
> account sufficient pam_winbind.so
> account required pam_stack.so service=system-auth
> session required pam_stack.so service=system-auth
>
> I don't see what I'm doing wrong here, so I'd be extremely grateful for
> any suggestions,
>
> Stroller.
>
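
The reply above says the home directory has to exist, with correct permissions, before the IMAP login can succeed. As an added example (not part of the original thread or of Samba), this shell function creates those directories from passwd-format lines such as `getent passwd <user>` prints for a winbind user. The function names, the base-directory restriction and the sample entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads passwd-format lines on stdin, as
# `getent passwd` prints them, and creates each missing home directory.
# make_homes BASE: BASE is the only tree homes may be created under.
make_homes() {
    base=$1
    while IFS=: read -r name _pw uid gid _gecos home _shell; do
        [ -n "$name" ] || continue
        case $home in
            */../*|*/..) echo "skipped $name: path traversal"; continue ;;
            "$base"/*) ;;   # accepted: under the expected tree
            *) echo "skipped $name: home outside $base"; continue ;;
        esac
        case $uid:$gid in
            *[!0-9:]*|:*|*:) echo "skipped $name: bad uid/gid"; continue ;;
        esac
        # -L also catches a dangling symlink planted at the target path
        if [ -e "$home" ] || [ -L "$home" ]; then
            echo "skipped $name: already exists"; continue
        fi
        # Mode 0700: other local accounts cannot read this user's mail
        mkdir -p "$base" && mkdir -m 0700 "$home" || {
            echo "skipped $name: mkdir failed"; continue; }
        # Only root can hand the directory to the mapped uid/gid
        if [ "$(id -u)" -eq 0 ] && ! chown "$uid:$gid" "$home"; then
            rmdir "$home"; echo "skipped $name: chown failed"; continue
        fi
        echo "created $home"
    done
}

# Constructed sample entries (uids, names and paths are made up)
sample_entries() {
    printf '%s\n' \
        "ned:*:10001:10000:Ned:$1/ned:/bin/false" \
        "eve:*:10002:10000:Eve:$1/../../etc/eve:/bin/false" \
        "mal:*:10003:10000:Mal:/tmp/mal:/bin/false"
}

# Demo in a scratch directory rather than the real /home
demo=$(mktemp -d)
sample_entries "$demo/home/DOMAIN" | make_homes "$demo/home/DOMAIN"
rm -rf "$demo"
```

On a real system it would be run as root, for example `getent passwd ned | make_homes /home/DOMAIN`, so that the `chown` step gives the directory to the winbind-mapped uid and gid.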